comment on

I'm going over some older code of mine with the intention of resolving some intermittent problems users have had with the file upload feature in one of my CGI's. I have a CGI that allows users to upload a picture of themselves (a la Perl Monks)... very simple. The file size limit is 30K, and I've limited it to JPEGS only.

Anyway, my original code used the "param is a filename and a filehandle" technique from CGI.pm like:

use CGI qw(:standard);

$photo_save_name ="something";
    
my $file_name = param('photo');
   
if ($file_name !~ /\.jpe?g$/) {
    $error = "You can only upload a picture in JPEG format.";
}
    
open (F, ">$photo_save_name");

while (<$file_name>) {
    print F;
}
[download]

There's lots of problems here: 1) it doesn't work under strict, 2) checking MIME is better than checking regex, 3) It doesn't check for filesize. I checked out Ovid's nice (Ovid) Re: File Upload To Selected Directory to get going but none of the file upload features from CGI.pm seem to be working.

For example:

$CGI::POST_MAX = 36000; is not preventing uploads of (for example) 100k+ files
my $fh = upload($file_name); is not returning a filehandle... and it doesn't throw an error, even though $file_name is verified to exist (as a string, at least)
my $tmpfile=tmpFileName($file_name); returns an empty string
my $format = uploadInfo($file_name)->{'Content-Type'} throws a "Cannot use undefined value as a hash reference" error, even though (like above) $file_name at least has a string value.

I know that the data is getting to CGI.pm (yes, I'm using multipart/form-data on my web page). I know that CGI.pm is at least sort of working, since my original method works fine. My script is using CGI.pm version 2.74 (verified by die ("Version is $CGI::VERSION"); Anyone have the slightest idea of what's going on? Oh yeah, the Perl version is 5.004. Please, someone tell me I'm an idiot.

Thanks bunches!

Gary Blackburn
Trained Killer

In reply to CGI.pm file upload freaking me out by Trimbach

Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!

Titles consisting of a single word are discouraged, and in most cases are disallowed outright.

Read Where should I post X? if you're not absolutely sure you're posting in the right place.

Please read these before you post! —

Posts may use any of the Perl Monks Approved HTML tags:

a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, details, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, summary, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr

You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)

	For:		Use:
	&		`&`
	<		`<`
	>		`>`
	[		`[`
	]		`]`

Link using PerlMonks shortcuts! What shortcuts can I use for linking?

See Writeup Formatting Tips and other pages linked from there for more info.